yet another idmap rewrite - still for 3.6 ?

simo idra at
Fri Jul 30 19:19:30 MDT 2010

On Fri, 2010-07-30 at 17:47 +0200, Michael Adam wrote:
> as many of you know, I have been working hard on YAIR -- yet
> another idmap rewrite for samba3.

Hi Michael,
do not read this mail as any sort of veto, but I would like to throw in
an idea.

The main complaint I hear from everywhere is how difficult it is to
configure idmapping, and I am wondering if we shouldn't simply decide to
offer less options and force things a bit. We could tie back idmapping
to the passdb module being used and automatically select the backend
based on the configuration. So if ldapsam is in use idmapping is
forcibly done through ldap, if tdbsam is used then we use idmap_tdb (or
automatically base on ctdb configuration idmap_tdb2. If smbpasswd is
used then idmap_rid.
Maybe an exception could be for AD membership, if security ads is
selected then we autodetect if rfc2307bis attributes are availbale and
if they are not then we automatically fallback to idmap_tdb, same for
trusted domains.

I don't know if this is too much of a loss of functionality, but it
looks like that at least a good chunk of users would probably find it
easier to understand and manage.

Just my 2c. Crazy ideas driven by heat :)


Simo Sorce
Samba Team GPL Compliance Officer <simo at>
Principal Software Engineer at Red Hat, Inc. <simo at>

More information about the samba-technical mailing list